From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ruslan Nikolaev
Subject: Question about grant table
Date: Mon, 23 Apr 2012 14:13:53 -0700 (PDT)
Message-ID: <1335215633.81955.YahooMailNeo@web124503.mail.ne1.yahoo.com>
To: "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

Hi

I have a question regarding a grant table. I have a case when I have some shared (between domains) pages mapped to the user space. I created a special driver which implements mmap(). That, in turn, will execute gnttab_map_refs(). This all works fine until I want to do something like exec().

After I do exec(), I want to mmap() the *same* pages (i.e. using the same grant references) to some new user address space which is chosen by mmap(). During exec(), it will invalidate user address space, and release() from mmu_notifier will be called. This means that my driver will execute gnttab_unmap_refs. After exec() succeeded, I invoke mmap() again which will do gnttab_map_refs(). At this point I get kernel errors like this:

[  198.939095] BUG: Bad page map in process a.out  pte:80000002457f1167 pmd:245094067
[  198.939099] page:ffffea000915fc40 count:1 mapcount:-1 mapping:          (null) index:0xffff8802d958f720
[  198.939102] page flags: 0x8000000000000814(referenced|dirty|private)
[  198.939109] addr:00007fd302f40000 vm_flags:000e00fb anon_vma:          (null) mapping:ffff8802d782f760 index:0
[  198.939124] vma->vm_ops->fault: 0x0
[  198.939128] vma->vm_file->f_op->mmap: syscall_driver_mmap+0x0/0xc9 [syscall_driver]

So, I have two questions in this regard:

1. Does gnttab_unmap_refs remove grant references, so that I cannot use them any longer? What would be the proper way to preserve grant references but at the same time unmap from the current user address space shared pages?

2. What happens to the counters like count, mapcount when I do gnttab_map_refs() and gnttab_unmap_refs()?

Thanks,
Ruslan